Poweroff or Reboot as normal User
Solution 1
I changed /etc/sudoers
so that every user that is in the admin group can execute the following commands without being ask for a password.
sudo halt
sudo reboot
sudo poweroff
You just need to add the following lines to /etc/sudoers
## Admin user group is allowed to execute halt and reboot
%admin ALL=NOPASSWD: /sbin/halt, /sbin/reboot, /sbin/poweroff
and add yourself to the admin group.
If you want only one user to be able to do this just remove the %admin
and replace it with username
like this
## user is allowed to execute halt and reboot
stormvirux ALL=NOPASSWD: /sbin/halt, /sbin/reboot, /sbin/poweroff
You can find out more about /etc/sudoers
with man sudoers
or the online manpage
Solution 2
You can also create a new file under /etc/sudoers.d
name it as you wish(I named it 'shutdown'
), and put the following lines inside:
# Allows me to shutdown the system without a password
yourUserName ALL = NOPASSWD: /sbin/halt, /sbin/reboot, /sbin/poweroff
Just change "yourUserName" for YOUR User Name, and add or remove commands to use, personally I use it only for shutdown
. One of the main difference of creating a particular file under sudoers.d
is that this file will survive System Upgrades
Solution 3
You can also achieve this by trick with setuid. I don't know if it will work on all systems, because they sometimes ignore setuid/setgid bit.
You can specify a group of users who can perform change of system state in my case it was adm
. Then add appropriate users to this group.
gpasswd -a $USER adm
Specify permissions:
chmod 4550 /usr/bin/reboot
ls -l
outpus should look like this:
-r-sr-x--- 1 root adm 18928 Mar 13 2015 /usr/bin/reboot
Afterwards you can just type:
reboot
Solution 4
Simplest solution:
sudo echo $USER >> /etc/shutdown.allow
Then you're able to use one of this commands:
shutdown -ah now // halt
shutdown -ar now // reboot
According man shutdown there is -a option for non-root usage:
If
shutdown
is called with the -a argument (add this to the invocation of shutdown in /etc/inittab), it checks to see if the file /etc/shutdown.allow is present. It then compares the login names in that file with the list of people that are logged in on a virtual console ...
It works in Debian Linux. And there is limit for 32 user names in /etc/shutdown.allow
.
Solution 5
Another way to achieve not only boot privileges but access to all systemctl services for a specific user or group in a Debian system is doing this:
sudo chown root:myuserorgroup /bin/systemctl
sudo chmod 4755 /bin/systemctl
Because all boot scripts /sbin/shutdown
, /sbin/poweroff
, /sbin/reboot
are links to /bin/systemctl
, changind its permissions and ownership grants the necessary privilege to execute it as root user.
Be aware that the user will be able to execute all systemctl operations. This may sound as a security threat, but it is a simple general solution to embbeded systems where your default user must not only have the access rights to shudown but also to work with all the other system services related to systemctl
.
Related videos on Youtube
Stormvirux
profile for Stormvirux on Stack Exchange, a network of free, community-driven Q&A sites http://stackexchange.com/users/flair/447199.png
Updated on September 18, 2022Comments
-
Stormvirux almost 2 years
To run the command
poweroff
orreboot
one needs to be super user. Is there anyway I can run this as a normal user? I just don't want tosudo
and enter my password every time I reboot or power off.-
jasonwryan almost 11 yearsThe answer depends on which init system your distro uses... For example, with
systemd
and an activelogind
session you can reboot or poweroff without elevated privileges providing no other user is still logged in... -
Stormvirux almost 11 years@jasonwryan I am currently using Ubuntu which doesnot use
systemd
by default.So you mean other Distros such as Arch can reboot without elavated privileges? -
jasonwryan almost 11 yearsYes: as per the conditions in my first comment.
-
-
fpmurphy over 6 yearsNo such option on Fedora, CentOS or RHEL.
-
Raphael Ahrens over 6 yearsThis is also not working for Ubuntu, at least that is what I get from the docs. It would be helpful to see if this is a Debian only feature.
-
patricktokeeffe over 4 yearsIf you choose this approach, ensure that
/etc/sudoers
has an appropriate#include
directive to read files from/etc/sudoers.d/
. -
tink over 4 yearsStill not in Ubuntu (18.04) in 2020 =}
-
TrentP over 4 yearsDon't do this with systemd! With systemd, the
reboot
command is a symlink tosystemctl
, so you'll actually changesystemctl
to be setgid, and systemd does some security stuff (like don't trust env variables in setuid/gid programs) that will break it when setuid/gid. -
Thawn over 2 yearsI would generally not do this. Setuid is a security risk (see the comment about systemd). Which you can easily avoid using sudo as explained in some of the other answers.
-
hurufu over 2 yearsThanks for pointing that out, but I don't see a security risk here. If
reboot
is a symbolic link then of course don't do it, but if you don't use systemd as an init system and your reboot program is small and does only one thing then everything is Ok. You should just always use some common sense before using whatever solution you've found on the internet. Regarding an answer involving modification of sudoers file - it still requires to entersudo reboot
which doesn't address OP's wish to not writesudo
at all.